Description:
A vulnerability was reported in Oracle Database. A remote user can determine user password hashes.

A remote user can send a few specially crafted network packets to obtain information about the session key and cryptographic salt for a target user. The information can be used to determine the cryptographic password hash.

The attack can be conducted without the database recording failed login attempts.